Interactive Report Summary

Q4 and Full-Year 2021


Top Findings at a Glance

Q4 2021 was a quieter quarter, with decreases in activity across malware, botnet and exploitation events. The same is true when comparing 2021 to 2020. However, threats continue to evolve and become more sophisticated. Learn more about the biggest threats in our latest report.

MALWARE

VBA agents continue to dominate

Malicious PDFs a close second

BOTNET

Emotet botnet has seen a resurgence

39 unique botnets detected

EXPLOIT

SMB Brute Forcing remains the top exploitation attempt

228,906 Exploits detected per day


The Apache Log4j

The Apache Log4j vulnerability, which didn’t appear until December, had such wide-sweeping impacts that it shot into the top 5 exploits for 2021.

Ransomware saw a 54.2% increase in Q4

Methodology


GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and the security operations center (SOC) is alerted. The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q4 2021 in Review

October through December


October 20

Joint CISA, FBI and NSA Advisory Regarding BlackMatter Ransomware

November 4

BlackMatter Ransomware Gang Shutting Down

November 11

Zero-Day Affecting Palo Alto Networks GlobalProtect Portal Disclosed

November 17

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities

December 2

Return of Emotet

December 9

FortiOS SSL-VPN CSRF Vulnerability Disclosed

December 10

Apache Log4j2 Zero-Day Discovered

Let's Dive Into the Data

Malware

Total Activity: -0.24%

As previously witnessed, VBA Agents continue to dominate malware activity, as these are commonly deployed in phishing malspam campaigns and act as an initial loader for other malware families.

Botnets

Total Activity: -0.92%

XorDDOS had a resurgence in Q3 and continued attacks throughout Q4. Other top botnets include Andromeda and Torpig.

Exploits

Total Activity: -0.97%

When reviewing exploit attempts, SMB Brute Forcing remains at the top, comprising 51% of all seen attacks.

Stay Vigilant

Unfortunately, there is more in store in the cybersecurity threat landscape for 2022. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.